Authenticating messages

ABSTRACT

Systems, methods, and software can be used to share content. In some aspects, a message is received at an electronic device from a sender. A first type 0 short message service (SMS) message is sent, from the electronic device to the sender. The first type 0 SMS message indicates an authentication request for the message. A second type 0 SMS message is received at the electronic device. The second type 0 SMS message indicates that the message is authenticated.

BACKGROUND

The present disclosure relates to authenticating messages. In somecases, messages, e.g., Short Message Service (SMS) messages, can becommunicated in a communication network. An electronic device mayreceive and send messages. In some cases, these messages can beformatted according to a standardized communications protocol, e.g., theSMS protocol.

DESCRIPTION OF DRAWINGS

FIG. 1 is an example communication system that authenticates messagesaccording to an implementation.

FIG. 2 is a schematic diagram showing an electronic device thatauthenticates messages.

FIG. 3 is a flow diagram showing an example process for authenticatingmessages according to an implementation.

FIG. 4 is a flow diagram showing another example process forauthenticating messages according to an implementation.

FIG. 5 illustrates an example type 0 SMS message according to animplementation.

FIG. 6 illustrates an example authentication information field accordingto an implementation.

Like reference numbers and designations in the various drawings indicatelike elements.

DETAILED DESCRIPTION

In some cases, the sender of a message can be identified in the message.For example, a SMS message can include a header portion and a bodyportion. The header portion can include a “from address” field thatindicates the identity of the sender and a “to address” field thatindicates the identity of the receiver. In some cases, the “fromaddress” field can include a phone number of the sender, or analphanumeric text representing the name or other information of thesender.

In some cases, the sender information in the message can be manipulatedby an attacker. For example, an attacker may send a message to areceiver, but including in the message information that identifies thesender as someone else. In some cases, the information that identifiesthe sender, e.g., the “from address” field in the SMS message, may notbe authenticated. Therefore, such attack may not be easily recognized.

In some cases, a different message, e.g., a type 0 SMS message, can beused to send authentication information that can be used to authenticatea message. A type 0 SMS message is a silent SMS message formattedaccording to the SMS protocol. In some cases, the type 0 SMS message canbe formatted by setting the protocol identity (PID) in the header of theSMS message to “type 0.” In some cases, the PID can be set to “64” toindicate that the SMS message is a type 0 SMS message.

In some cases, a receiver that receives a message can send a first type0 SMS message to the sender of the message. The first type 0 SMS messagecan indicate an authentication request for the message. In response, thesender can send a second type 0 SMS message. The second type 0 SMSmessage can indicate whether the received message is authenticated. Insome cases, a sender that sends a message can send an authenticatingtype 0 SMS message. The authenticating type 0 SMS message can includeauthentication information for the message to be authenticated. Theauthentication information can include a signature signed using aprivate key, a certificate associated with a public key corresponding tothe private key, or any combinations thereof The receiver can use theauthentication information to authenticate the message. FIGS. 1-6 andassociated descriptions provide additional details of theseimplementations.

Using the type 0 SMS message for authentication may provide one or moreadvantages. For example, in some cases, the type 0 SMS message may notbe displayed on an electronic device that receives the type 0 SMSmessage. In some cases, a type 0 SMS message may not trigger anotification on the electronic device that receives the type 0 SMSmessage. Therefore, if an electronic device does not support theauthentication procedure, the type 0 SMS message would be droppedsilently and the disruption to the operation of the electronic devicemay be limited.

FIG. 1 is an example communication system 100 that authenticatesmessages according to an implementation. At a high level, the examplecommunication system 100 includes a sending device 102 and a receivingdevice 104 that are communicably coupled over a network 110. The examplecommunication system 100 also includes a certificate authority (CA) 106.

The CA 106 represents an application, set of applications, software,software modules, hardware, or any combinations thereof that can beconfigured to issue digital certificates. In a public-key infrastructure(PM), a digital certificate can be issued by a CA to certify theownership of a public key by the named subject of the certificate. Theowner of the public key can generate a signature using a private keythat corresponds to the certified public key. A receiver of thesignature can validate the identity of the owner based on the certifiedpublic key and the signature. The CA 106 can be a root CA, a subordinateCA, or a combination thereof.

The example communication system 100 includes the network 110. Thenetwork 110 represents an application, set of applications, software,software modules, hardware, or any combinations thereof that can beconfigured to transmit signals among the sending device 102, thereceiving device 104, and the CA 106. The network 110 includes awireless network, a wireline network, or a combination thereof. Forexample, the network 110 can include one or a plurality of radio accessnetworks (RANs), core networks (CNs), and external networks. The RANsmay comprise one or more radio access technologies. In someimplementations, the radio access technologies may be Global System forMobile communication (GSM), Interim Standard 95 (IS-95), UniversalMobile Telecommunications System (UMTS), CDMA2000 (Code DivisionMultiple Access), Evolved Universal Mobile Telecommunications System(UMTS), Long Term Evaluation (LTE), or LTE-Advanced. In some instances,the core networks may be evolved packet cores (EPCs).

A RAN is part of a wireless telecommunication system which implements aradio access technology, such as UMTS, CDMA2000, 3GPP LTE, and 3GPPLTE-A. In many applications, a RAN includes at least one base station. Abase station may be a radio base station that may control all or atleast some radio-related functions in a fixed part of the system. Thebase station may provide radio interface within their coverage area or acell for a mobile device to communicate. The base station may bedistributed throughout the cellular network to provide a wide area ofcoverage. The base station directly communicates to one or a pluralityof mobile devices, other base stations, and one or more core networknodes.

The sending device 102 represents an application, set of applications,software, software modules, hardware, or any combinations thereof thatcan be configured to send a message. The receiving device 104 representsan application, set of applications, software, software modules,hardware, or any combinations thereof that can be configured to receivea message.

In operation, the receiving device 104 can receive a message from thesending device 102. The receiving device 104 can send a first type 0 SMSmessage to the sending device 102. The first type 0 SMS message canindicate an authentication request for the message. The sending device102 can send a second type 0 SMS message to the receiving device 104.The second type 0 SMS message can indicate that the received message isauthenticated. FIGS. 2-6 and associated descriptions provide additionaldetails of these implementations.

In some cases, the sending device 102, or an application operating onthe sending device 102, can generate a public key-private key pair. Thesending device 102 can send the public key to the CA. The CA cangenerate a certificate and send the certificate to the electronicdevice. In some cases, the sending device 102 can include a signaturesigned by the private key in the second type 0 SMS message. In somecases, the sending device 102 can include the certificate associatedwith the corresponding public key in the second type 0 SMS message.FIGS. 2-6 and associated descriptions provide additional details ofthese implementations.

In some cases, the sending device 102 can send a message to thereceiving device 104. The sending device 102 can also send a type 0 SMSmessage to the receiving device 104. The type 0 SMS message can includeauthentication information for the sent message. The authenticationinformation can include a signature signed using a private key of thesending device, a certificate associated with the corresponding publickey, or a combination thereof. FIGS. 2-6 and associated descriptionsprovide additional details of these implementations.

While elements of FIG. 1 are shown as including various component parts,portions, or modules that implement the various features andfunctionality, nevertheless these elements may instead include a numberof sub-modules, third-party services, components, libraries, and such,as appropriate. Furthermore, the features and functionality of variouscomponents can be combined into fewer components, as appropriate.

FIG. 2 is a schematic diagram 200 showing an electronic device 202 thatauthenticates messages according to an implementation. In some cases,the electronic device 202 can be used to perform the function as thesending device 102 or the receiving device 104 shown in FIG. 1. Theelectronic device 202 includes a processing unit 262, a communicationsubsystem 266, a user interface 268, and a memory 264. An electronicdevice may include additional, different, or fewer features, asappropriate.

The example processing unit 262 can include one or more processingcomponents (alternatively referred to as “processors” or “centralprocessing units” (CPUs)) configured to execute instructions related toone or more of the processes, steps, or actions described above, inconnection with one or more of the implementations disclosed herein. Insome implementations, the processing unit 262 can be configured togenerate control information, such as a measurement report, or respondto received information, such as control information from a networknode. In some cases, the processing unit 262 can also be configured tomake a radio resource management (RRM) decision, such as cellselection/reselection information or trigger a measurement report. Theprocessing unit 262 can also include other auxiliary components, such asrandom access memory (RAM) and read-only memory (ROM).

The example communication subsystem 266 can be configured to providewireless or wireline communication for data or control informationprovided by the processing unit 262. The communication subsystem 266 caninclude, for example, one or more antennas, a receiver, a transmitter, alocal oscillator, a mixer, and a digital signal processing (DSP) unit.In some implementations, the communication subsystem 266 can supportmultiple input multiple output (MIMO) transmissions. In someimplementations, the receivers in the communication subsystem 266 can bean advanced receiver or a baseline receiver. Two receivers can beimplemented with identical, similar, or different receiver processingalgorithms.

The example user interface 268 can include, for example, any of thefollowing: one or more of a display or touch screen display (forexample, a liquid crystal display (LCD), a light emitting display (LED),an organic light emitting display (OLED), or a micro-electromechanicalsystem (MEMS) display), a keyboard or keypad, a trackball, a speaker, ora microphone.

The example memory 264 can be a computer-readable storage medium on theelectronic device 202. Examples of the memory 264 include volatile andnon-volatile memory, magnetic media, optical media, random access memory(RAM), read-only memory (ROM), removable media, and others. The memory264 can store an operating system (OS) of electronic device 202 andvarious other computer-executable software programs for performing oneor more of the processes, steps, or actions described above.

As shown in FIG. 2, the example memory 264 can include a messageprocessing application 210. The message processing application 210represents an application, set of applications, software, softwaremodules, hardware, or any combinations thereof that can be configured toreceive and send messages. In some cases, the message processingapplication 210 can authenticate a message that is sent or received bythe electronic device 202. In one example, the message processingapplication 210 can receive a message, send a first type 0 SMS messageto request authentication of the received message, and receive a secondtype 0 SMS message that indicates whether the received message isauthenticated. In another example, the message processing applicationcan send a message, and send a type 0 SMS message that includesauthentication information for the sent message. FIGS. 3-6 andassociated descriptions provide additional details of theseimplementations.

Turning to a general description, an electronic device, e.g., theelectronic device 202, may include, without limitation, any of thefollowing: computing device, mobile device, mobile electronic device,user device, mobile station, subscriber station, portable electronicdevice, mobile communications device, wireless modem, or wirelessterminal. Examples of a mobile device may include a cellular phone,personal data assistant (PDA), smart phone, laptop, tablet, personalcomputer (PC), pager, portable computer, portable gaming device,wearable electronic device, health/medical/fitness device, camera, orother mobile communications device having components for communicatingvoice or data via a wireless communication network. The wirelesscommunication network may include a wireless link over at least one of alicensed spectrum and an unlicensed spectrum. The term “mobile device”can also refer to any hardware or software component that can terminatea communication session for a user. In addition, the terms “userequipment,” “UE,” “user equipment device,” “user agent,” “UA,” “userdevice,” and “mobile device” can be used synonymously herein.

In some cases, an electronic device that sends a message can send a type0 SMS message to include authentication information for the message.FIG. 3 is a flow diagram showing an example process 300 forauthenticating messages according to an implementation. The process 300can be implemented by an electronic device, e.g., the electronic device202 shown in FIG. 2. The process 300 shown in FIG. 3 can also beimplemented using additional, fewer, or different entities. Furthermore,the process 300 shown in FIG. 3 can also be implemented usingadditional, fewer, or different operations, which can be performed inthe order shown or in a different order.

The example process 300 begins at 302, where a message is sent from anelectronic device. In some cases, the message can be a SMS message.Alternatively, the message can be a message associated with a dataapplication running on the electronic device. For example, the messagecan be a chat associated with a social media application, an online chatapplication, or any other messages.

From 302, the process 300 proceeds to 304, where the electronic devicesends a type 0 short message service (SMS) message. In some cases, thetype 0 SMS message is sent to the same destination device as the messagesent at 302.

In some cases, the type 0 SMS message includes authenticationinformation for the message sent at 302. In some cases, the type 0 SMSmessage also includes content information of the message sent at 302.FIG. 5 illustrates an example type 0 SMS message 500 according to animplementation. As shown in FIG. 5, the type 0 SMS message 500 includesa message information field 502 and an authentication information field510.

In some cases, the message information field 502 can include informationthat can be used to identify the message to be authenticated. In somecases, the message information field 502 can include a message index, asequence number, or any other indicator that can be used to identify themessage to be authenticated. Alternatively or in combination, themessage information field 502 can include information associated withthe content of the message sent at 302. In some cases, the informationassociated with the content of the message can include the entiremessage, the body of the message, or a portion of the message.Alternatively or in combination, information associated with the contentof the message can include information generated based on the message ora portion of the message. For example, the message information field 502can include a hash output generated based on the message. In some cases,the electronic device can apply a hash function on the message or aportion of the message to generate the hash output. The Secure HashAlgorithm (SHA)-256 algorithm, MD5, SHA-1, SHA-3 or other securityalgorithms can be used to generate the hash output.

In some cases, the authentication information field 510 can includeauthentication information for the message sent at 302. Theauthentication information can include a signature, a certificate, atime stamp, or any combinations thereof. FIG. 6 illustrates an exampleauthentication information field 600 according to an implementation. Asshown in FIG. 6, the authentication information field 600 includes asignature field 610, a certificate field 620, and a timestamp field 630.

The signature field 610 includes a signature of the message. In somecases, the electronic device generates the signature using the message,a private key and a digital signature generation algorithm. Examples ofthe digital signature generating algorithms includeRivest-Shamir-Adleman (RSA), Digital Signature Algorithm (DSA), EllipticCurve Digital Signature Algorithm (ECDSA), and any other digitalsignature generating algorithms.

In some cases, as shown in FIG. 6, the signature field 610 can include amessage authentication code (MAC) 612 and an s-field 614. In some cases,the MAC 612 and the s-field 614 can be formatted according to asignature protocol, e.g., the Schnorr Signature protocol. In some cases,the MAC 612 includes an output of a hash function. In some cases, theinput of the hash function can include the entirety or a portion of themessage to be authenticated, the private key of the electronic device,or any combinations thereof. In some cases, the length of the MAC 612 is14 bytes. The s-field 614 includes information associated with theprivate key of the electronic device, e.g., the private key in binaryform. In some cases, the length of the s-field is 28 bytes.

In some cases, the authentication information field 600 can include acertificate field 620. In some cases, the certificate field 620 caninclude a certificate associated with the private key that is used togenerate the signature discussed previously. In some cases, thecertificate can include an explicit certificate. An explicit certificatecan include the public key, identification data of the sender, and adigital signature generated by the CA. The digital signature binds thepublic key to the identification data. A destination device thatreceives the certificate can validate the digital signature by using thepublic key. Alternatively the certificate can include an implicitcertificate. In some cases, the public key and the identification datacan be used in generate the implicit certificate. A receiver of theimplicit certificate can compute the public key based on the implicitcertificate and the public key of the CA.

The certificate included in the certificate field 620 can be an explicitcertificate or an implicit certificate. Using an implicit certificatecan reduce the size of the certificate field 620. In some cases, thelength of the implicit certificate can be 40 bytes.

The timestamp field 630 include a time stamp that indicates the time thetype 0 SMS message is generated or sent. In some cases, the timestampcan be formatted according to the Network Identity and Time Zone (NITZ)protocol that is specified in a 3GPP standard. In some cases, the lengthof the timestamp field 630 can be 5 bytes.

Returning to FIG. 3, in some cases, a destination device that receivesboth the message sent at 302 and the type 0 SMS message sent at 304 canuse the type 0 SMS message to validate the sender of the message sent at302. In some cases, the destination device can search all the messagesreceived by the destination device prior to the type 0 SMS message toidentify the message to be authenticated using the type 0 SMS message.Alternatively, the destination device can search a subset of priorreceived messages to identify the message to be authenticated. In oneexample, the subset of messages can include the messages that arereceived within a configured time period before receiving the type 0 SMSmessage. In another example, the subset of messages can include aconfigured number of messages that are received before receiving thetype 0 SMS message. In some cases, the time period or the number ofmessages can be configured by a user, a system administrator, amanufacturer of the electronic device, or any combinations thereof.

In some cases, the destination device can identify the message to beauthenticated from multiple messages by using the information includedin the message information field 502 of the type 0 SMS message. Forexample, the destination device can generate a hash output based on eachof the multiple messages, and compare the hash outputs with the hashoutput included in the message information field 502. If one generatedhash output matches the hash output included in the message informationfield 502, the destination device can determine that the respectivemessage is the message to be authenticated

In some cases, the destination device can obtain the public key based onthe certificate included in the type 0 SMS message as discussedpreviously. In some cases, e.g., if the type 0 SMS message does notinclude a certificate, the destination device can be provisioned withthe public key of the electronic device prior to receiving the type 0SMS message.

In some cases, the destination device can use the signature included inthe type 0 SMS message, the public key, and the message to authenticatethe message. If the authentication succeeds, then the sender of themessage is validated by proof of possession of the private keyassociated with the public key used for authentication.

In some cases, the destination device can use the time stamp included inthe type 0 SMS message to further validate the message. For example, anelapsed time can be configured. If the time duration between the timethe message is received and the time indicated by the time stamp exceedsthe configured elapsed time, the destination device can determine thatthe message may carry security risks.

In some cases, if the destination device validates the message, thedestination device can output the message on the device. If thevalidation fails, the destination device can discard the message, outputa notification on the device indicating that an invalid message isreceived, or a combination thereof

In some cases, an electronic device that receives a message can send atype 0 SMS message to request authentication information for themessage. FIG. 4 is a flow diagram showing another example process 400for authenticating messages according to an implementation. The process400 can be implemented by an electronic device, e.g., the electronicdevice 202 shown in FIG. 2. The process 400 shown in FIG. 4 can also beimplemented using additional, fewer, or different entities. Furthermore,the process 400 shown in FIG. 4 can also be implemented usingadditional, fewer, or different operations, which can be performed inthe order shown or in a different order.

The example process 400 begins at 402, where a message is received at anelectronic device from a sender. In some cases, the sender can be adevice, e.g., the sending device 102 shown in FIG. 1, that sends themessage to be authenticated. In some cases, the message can be a SMSmessage. Alternatively, the message can be a message associated with adata application running on the electronic device.

From 402, the process 400 proceeds to 404, where the electronic devicesends a first type 0 SMS message. In some cases, the first type 0 SMSmessage can include an authentication request for the message receivedat 402. The authentication request indicates that an authenticationresponse is requested from the sender.

In some cases, the electronic device identifies the sender of thereceived message based on the received message. For example, thereceived message can include a header field that indicates the sender ofthe message. In some cases, the header field can indicate a name of thesender that uses the sender to send the message. In some cases, theelectronic device can search the electronic device, e.g., through acontact list stored on the electronic device, to determine an addressassociated with the sender. The address can be a phone number that isassociated with the sender. In some cases, the electronic device cansend the first type 0 SMS message to the determined address. In somecases, the search can return multiple addresses, e.g., the contact listmay include more than one phone numbers for the sender. In these orother cases, the electronic device can send the first type 0 SMS messageto each of the multiple addresses.

In some cases, the first type 0 SMS message can be sent automatically bythe electronic device without user inputs. In some cases, the first type0 SMS message can be sent in response to a user input. For example, auser interface can be outputted on the electronic device. The userinterface can indicate that a message is received and request user inputon authentication. In some cases, the name of the sender, the content ofreceived message, or a combination thereof can also be outputted on theelectronic device. The user interface can enable the user to select auser action to authenticate the message. In response to a user selectionto authenticate the message, the electronic device can send the firsttype 0 SMS message.

In some cases, a user can configure the electronic device, or a messageprocessing application on the electronic device, or a combinationthereof for message authentication settings. For example, the messageprocessing application can be configured to operate in either aninsecure mode or a secure mode. If the application operates in a securemode, the first type 0 SMS message for authentication request can besent without user inputs for any messages received by the application.If the application operates in an insecure mode, the electronic devicecan refrain from sending the first type 0 SMS message for authenticationrequest without user input.

In some cases, the authentication request includes information that canbe used to identify the message to be authenticated. For example, theauthentication request can include a message index, a sequence number,information associated with the content of the message, or anycombinations thereof. The information associated with the content of themessage can include the entire message, the body of the message, aportion of the message, or information generated based on the message ora portion of the message, e.g., a hash output.

From 404, the process 400 proceeds to 406, where a second type 0 SMSmessage is received at the electronic device in response to the firsttype 0 SMS message. The second type 0 SMS message indicates that themessage received at 402 is authenticated. In some cases, the second type0 SMS message is generated and sent by the sender. For example, thesender can identify the message to be authenticated based on theinformation included in the authentication request. The sender cangenerate a hash output based on the message sent by the sender andcompare the hash output received in the first type 0 SMS message withthe generated hash output. If the generated hash output matches thereceived hash output, the message is authenticated and the sender cansend the second type 0 SMS message indicating that the message isauthenticated. In some cases, e.g., if the sender has sent multiplemessages before receiving the first type 0 SMS message, the sender cancompare the hash outputs generated from each of the multiple messageswith the hash output included in the first type 0 SMS message. If onegenerated hash output matches the received hash output, the sender canauthenticate the message. If none of the generated hash output matchesthe received hash output, the authentication fails and the sender cansend the second type 0 SMS message indicating that the message is notauthenticated. In some cases, the sender can attempt to authenticate allthe multiple messages based on the first type 0 SMS message.Alternatively, the sender can attempt to authenticate a subset of themultiple messages. The subset can be determined based on a configuredtime period, a configured number of messages, or a combination thereof.The time period or the number of messages can be configured by a user, asystem administrator, a manufacturer of the sender, or any combinationsthereof

In some cases, the second type 0 SMS message can also include asignature that is signed using the private key associated with thesender. In some cases, the second type 0 SMS message can also include acertificate of the sender that is associated with the private key. Theelectronic device can validate the second type 0 SMS message using thesignature, the certificate, or a combination thereof. In some cases, thefirst type 0 SMS message can include an indicator that requests thesignature, the certificate, or a combination thereof to be include inthe second type 0 SMS message.

In some cases, an authentication status indicator can be outputted onthe electronic device. The authentication status indicator can indicatewhether the message received at 402 is authenticated. In some cases, theauthentication status indicator can also indicate that theauthentication times out, e.g., if the electronic device fails toreceive the second type 0 SMS message within a configured time period.In some cases, the authentication status indicator can indicate that theauthentication fails if the authentication times out.

Some of the subject matter and operations described in this disclosurecan be implemented in digital electronic circuitry, or in computersoftware, firmware, or hardware, including the structures described inthis disclosure and their structural equivalents, or in combinations ofone or more of them. Some of the subject matter described in thisdisclosure can be implemented as one or more computer programs, i.e.,one or more modules of computer program instructions, encoded on acomputer storage medium for execution by, or to control the operationof, data-processing apparatus. Alternatively or in addition, the programinstructions can be encoded on an artificially generated propagatedsignal, for example, a machine-generated electrical, optical, orelectromagnetic signal that is generated to encode information fortransmission to suitable receiver apparatus for execution by a dataprocessing apparatus. The computer-storage medium can be amachine-readable storage device, a machine-readable storage substrate, arandom or serial access memory device, or a combination ofcomputer-storage mediums.

The terms “data-processing apparatus,” “computer,” or “electroniccomputer device” encompass all kinds of apparatus, devices, and machinesfor processing data, including, by way of example, a programmableprocessor, a computer, a system on a chip, or multiple ones, orcombinations of the foregoing. The apparatus can include special purposelogic circuitry, e.g., an FPGA (field programmable gate array) or anASIC (application specific integrated circuit). In some implementations,the data processing apparatus or special purpose logic circuitry (or acombination of the data processing apparatus or special purpose logiccircuitry) may be hardware- or software-based (or a combination of bothhardware- and software-based). The apparatus can, optionally, includecode that creates an execution environment for computer programs, forexample, code that constitutes processor firmware, a protocol stack, adatabase management system, an operating system, or a combination ofexecution environments. The present disclosure contemplates the use ofdata processing apparatuses with or without conventional operatingsystems, for example LINUX, UNIX, WINDOWS, MAC OS, ANDROID, IOS, or anyother suitable, conventional operating system.

A computer program, which may also be referred to or described as aprogram, software, a software application, a module, a software module,a script, or code, can be written in any form of programming language,including compiled or interpreted languages, or declarative orprocedural languages, and it can be deployed in any form, including as astand-alone program or as a module, component, subroutine, or other unitsuitable for use in a computing environment. A computer program may, butneed not, correspond to a file in a file system. A program can be storedin a portion of a file that holds other programs or data, for example,one or more scripts stored in a markup language document, in a singlefile dedicated to the program in question, or in multiple coordinatedfiles, for example, files that store one or more modules, sub-programs,or portions of code. A computer program can be deployed to be executedon one computer or on multiple computers that are located at one site,or distributed across multiple sites and interconnected by acommunication network. While portions of the programs illustrated in thevarious figures are shown as individual modules that implement thevarious features and functionality through various objects, methods, orother processes, the programs may instead include a number ofsub-modules, third-party services, components, libraries, and such, asappropriate. Conversely, the features and functionality of variouscomponents can be combined into single components, as appropriate.

Some of the processes and logic flows described in this disclosure canbe performed by one or more programmable processors, executing one ormore computer programs to perform actions by operating on input data andgenerating output. The processes and logic flows can also be performedby, and apparatus can also be implemented as, special purpose logiccircuitry, e.g., an FPGA (field programmable gate array) or an ASIC(application specific integrated circuit).

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andprocessors of any kind of digital computer. Generally, a processor willreceive instructions and data from a read-only memory or a random-accessmemory, or both. A processor can include by way of example aprogrammable processor, a computer, a system on a chip, or multipleones, or combinations of the foregoing. A processor can include specialpurpose logic circuitry, e.g., an FPGA (field programmable gate array)or an ASIC (application specific integrated circuit).

Computers suitable for the execution of a computer program can be basedon general or special purpose microprocessors, both, or any other kindof CPU. Generally, a CPU will receive instructions and data from aread-only memory (ROM) or a random access memory (RAM), or both. Theessential elements of a computer are a CPU, for performing or executinginstructions, and one or more memory devices, for storing instructionsand data. Generally, a computer will also include, or be operativelycoupled to, receive data from or transfer data to, or both, one or moremass storage devices for storing data, for example, magnetic,magneto-optical disks, or optical disks. However, a computer need nothave such devices. Moreover, a computer can be embedded in anotherdevice, for example, a mobile telephone, a personal digital assistant(PDA), a mobile audio or video player, a game console, a globalpositioning system (GPS) receiver, or a portable storage device, forexample, a universal serial bus (USB) flash drive, to name just a few.

Computer-readable media (transitory or non-transitory, as appropriate)suitable for storing computer program instructions and data include allforms of non-volatile memory, media and memory devices, including, byway of example, semiconductor memory devices, for example, erasableprogrammable read-only memory (EPROM), electrically erasableprogrammable read-only memory (EEPROM), and flash memory devices;magnetic disks, for example, internal hard disks or removable disks;magneto-optical disks; and CD-ROM, DVD+/−R, DVD-RAM, and DVD-ROM disks.The memory may store various objects or data, including caches, classes,frameworks, applications, backup data, jobs, web pages, web pagetemplates, database tables, repositories storing dynamic information,and any other appropriate information including any parameters,variables, algorithms, instructions, rules, constraints, or referencesthereto. Additionally, the memory may include any other appropriatedata, such as logs, policies, security or access data, reporting files,as well as others. The processor and the memory can be supplemented by,or incorporated in, special purpose logic circuitry. In some cases, thecomputer storage medium can be transitory, non-transitory, or acombination thereof

To provide for interaction with a user, implementations of the subjectmatter described in this disclosure can be implemented on a computerhaving a display device, for example, a CRT (cathode ray tube), LCD(liquid crystal display), LED (Light Emitting Diode), or plasma monitor,for displaying information to the user and a keyboard and a pointingdevice, for example, a mouse, trackball, or trackpad by which the usercan provide input to the computer. Input may also be provided to thecomputer using a touchscreen, such as a tablet computer surface withpressure sensitivity, a multi-touch screen using capacitive or electricsensing, or other type of touchscreen. Other kinds of devices can beused to provide for interaction with a user as well; for example,feedback provided to the user can be any form of sensory feedback, forexample, visual feedback, auditory feedback, or tactile feedback; andinput from the user can be received in any form, including acoustic,speech, or tactile input. In addition, a computer can interact with auser by sending documents to, and receiving documents from a device thatis used by the user, for example, by sending web pages to a web browseron a user's client device in response to requests received from the webbrowser.

The term “graphical user interface,” or “GUI,” may be used in thesingular or the plural to describe one or more graphical user interfacesand each of the displays of a particular graphical user interface.Therefore, a GUI may represent any graphical user interface, includingbut not limited to, a web browser, a touch screen, or a command lineinterface (CLI) that processes information and efficiently presents theinformation results to the user. In general, a GUI may include aplurality of user interface (UI) elements, some or all associated with aweb browser, such as interactive fields, pull-down lists, and buttonsoperable by the business suite user. These and other UI elements may berelated to or represent the functions of the web browser.

Implementations of the subject matter described in this disclosure canbe implemented in a computing system that includes a back-end component,for example, as a data server, or that includes a middleware component,for example, an application server, or that includes a front-endcomponent, for example, a client computer having a graphical userinterface or a Web browser through which a user can interact with animplementation of the subject matter described in this disclosure, orany combination of one or more such back-end, middleware, or front-endcomponents. The components of the system can be interconnected by anyform or medium of wireline or wireless digital data communication (or acombination of data communication), for example, a communicationnetwork. Examples of communication networks include a local area network(LAN), a radio access network (RAN), a metropolitan area network (MAN),a wide area network (WAN), Worldwide Interoperability for MicrowaveAccess (WIMAX), a wireless local area network (WLAN) using, for example,802.11 a/b/g/n or 802.20 (or a combination of 802.11x and 802.20 orother protocols consistent with this disclosure), all or a portion ofthe Internet, or any other communication system, or systems at one ormore locations (or a combination of communication networks). The networkmay communicate with, for example, Internet Protocol (IP) packets, FrameRelay frames, Asynchronous Transfer Mode (ATM) cells, voice, video,data, or other suitable information (or a combination of communicationtypes) between network addresses.

The computing system can include clients and servers. A client andserver are generally remote from each other and typically interactthrough a communication network. The relationship of client and serverarises by virtue of computer programs running on the respectivecomputers and having a client-server relationship to each other.

In some implementations, any or all of the components of the computingsystem, both hardware or software (or a combination of hardware andsoftware), may interface with each other or the interface using anapplication programming interface (API) or a service layer (or acombination of API and service layer). The API may includespecifications for routines, data structures, and object classes. TheAPI may be either computer language, independent or dependent, and referto a complete interface, a single function, or even a set of APIs. Theservice layer provides software services to the computing system. Thefunctionality of the various components of the computing system may beaccessible for all service consumers using this service layer. Softwareservices provide reusable, defined business functionalities through adefined interface. For example, the interface may be software written inJAVA, C++, or other suitable language providing data in extensiblemarkup language (XML) format or other suitable format. The API orservice layer (or a combination of the API and the service layer) may bean integral or a stand-alone component in relation to other componentsof the computing system. Moreover, any or all parts of the service layermay be implemented as child or sub-modules of another software module,enterprise application, or hardware module without departing from thescope of this disclosure.

While this disclosure contains many specific implementation details,these should not be construed as limitations on the scope of anyinvention or on the scope of what may be claimed, but rather asdescriptions of features that may be specific to particularimplementations of particular inventions. Certain features that aredescribed in this disclosure in the context of separate implementationscan also be implemented, in combination, in a single implementation.Conversely, various features that are described in the context of asingle implementation can also be implemented in multipleimplementations, separately or in any suitable sub-combination.Moreover, although features may be described above as acting in certaincombinations and even initially claimed as such, one or more featuresfrom a claimed combination can in some cases be excised from thecombination, and the claimed combination may be directed to asub-combination or variation of a sub-combination.

Particular implementations of the subject matter have been described.Other implementations, alterations, and permutations of the describedimplementations are within the scope of the following claims as will beapparent to those skilled in the art. While operations are depicted inthe drawings or claims in a particular order, this should not beunderstood as requiring that such operations be performed in theparticular order shown or in sequential order, or that all illustratedoperations be performed (some operations may be considered optional), toachieve desirable results. In certain circumstances, multitasking orparallel processing (or a combination of multitasking and parallelprocessing) may be advantageous, and performed as deemed appropriate.

Moreover, the separation or integration of various system modules andcomponents in the implementations described above should not beunderstood as requiring such separation or integration in allimplementations, and it should be understood that the described programcomponents and systems can generally be integrated together in a singlesoftware product or packaged into multiple software products.

Accordingly, the above description of example implementations does notdefine or constrain this disclosure. Other changes, substitutions, andalterations are also possible without departing from the spirit andscope of this disclosure.

Furthermore, any claimed implementation below is considered to beapplicable to at least a computer-implemented method; a non-transitory,computer-readable medium storing computer-readable instructions toperform the computer-implemented method; and a computer systemcomprising a computer memory interoperably coupled with a hardwareprocessor configured to perform the computer-implemented method or theinstructions stored on the computer-readable medium.

What is claimed is:
 1. A method, comprising: receiving, at an electronicdevice, a message from a sender; sending, from the electronic device tothe sender, a first type 0 short message service (SMS) message, whereinthe first type 0 SMS message indicates an authentication request for themessage; and receiving, at the electronic device, a second type 0 SMSmessage, wherein the second type 0 SMS message indicates that themessage is authenticated.
 2. The method of claim 1, further comprisinggenerating a hash output based on at least a portion of the messageusing a hashing function, wherein the first type 0 SMS message includesthe hash output.
 3. The method of claim 1, further comprisingidentifying the sender based on the message.
 4. The method of claim 1,wherein the second type 0 SMS message includes a signature of thesender.
 5. The method of claim 4, wherein the signature is generatedusing a private key.
 6. The method of claim 1, wherein the second type 0SMS message includes a certificate associated with the electronicdevice.
 7. A method, comprising: sending a message at an electronicdevice; and sending a type 0 short message service (SMS) message,wherein the type 0 SMS message includes authentication information forthe message, and the authentication information includes a signatureassociated with the electronic device.
 8. The method of claim 7, whereinthe authentication information includes a certificate associated withthe electronic device.
 9. The method of claim 8, wherein the signatureis generated using a private key.
 10. An electronic device, comprising:a memory; and at least one hardware processor communicatively coupledwith the memory and configured to: receive, at an electronic device, amessage from a sender; send, from the electronic device to the sender, afirst type 0 short message service (SMS) message, wherein the first type0 SMS message indicates an authentication request for the message; andreceive, at the electronic device, a second type 0 SMS message, whereinthe second type 0 SMS message indicates that the message isauthenticated.
 11. The electronic device of claim 10, wherein the atleast one hardware processor is further configured to generate a hashoutput based on at least a portion of the message using a hashingfunction, wherein the first type 0 SMS message includes the hash output.12. The electronic device of claim 10, wherein the at least one hardwareprocessor is further configured to identify the sender based on themessage.
 13. The electronic device of claim 10, wherein the second type0 SMS message includes a signature of the sender.
 14. The electronicdevice of claim 13, wherein the signature is generated using a privatekey.
 15. The electronic device of claim 10, wherein the second type 0SMS message includes a certificate associated with the electronicdevice.
 16. A computer-readable medium containing instructions which,when executed, cause a computing device to perform operationscomprising: receiving, at an electronic device, a message from a sender;sending, from the electronic device to the sender, a first type 0 shortmessage service (SMS) message, wherein the first type 0 SMS messageindicates an authentication request for the message; and receiving, atthe electronic device, a second type 0 SMS message, wherein the secondtype 0 SMS message indicates that the message is authenticated.
 17. Thecomputer-readable medium of claim 16, the operations further comprisinggenerating a hash output based on at least a portion of the messageusing a hashing function, wherein the first type 0 SMS message includesthe hash output.
 18. The computer-readable medium of claim 16, theoperations further comprising identifying the sender based on themessage.
 19. The computer-readable medium of claim 16, wherein thesecond type 0 SMS message includes a signature of the sender.
 20. Thecomputer-readable medium of claim 19, wherein the signature is generatedusing a private key.